File tree Expand file tree Collapse file tree 5 files changed +401
-6
lines changed
Expand file tree Collapse file tree 5 files changed +401
-6
lines changed Original file line number Diff line number Diff line change 1+ # CODEOWNERS - Define code ownership for automatic review requests
2+ # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
3+
4+ # Default owners for everything in the repo
5+ * @ charlespoulin
6+
7+ # Python source code
8+ /src / @ charlespoulin
9+
10+ # Tests require review
11+ /tests / @ your-username
12+
13+ # CI/CD workflows - critical changes
14+ /.github /workflows / @ your-username
15+
16+ # Security policy changes
17+ SECURITY.md @ your-username
18+
19+ # Dependency changes
20+ pyproject.toml @ your-username
21+ uv.lock @ your-username
22+
23+ # Documentation
24+ /docs / @ your-username
25+ README.md @ your-username
Original file line number Diff line number Diff line change 11## Description
2+
23Please include a summary of the change and which issue is fixed.
34
45## Type of change
6+
57- [ ] Bug fix (non-breaking change which fixes an issue)
68- [ ] New feature (non-breaking change which adds functionality)
79- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
810- [ ] Documentation update
911
10- ## Checklist:
12+ ## Checklist
13+
1114- [ ] My code follows the style guidelines of this project
1215- [ ] I have performed a self-review of my own code
1316- [ ] I have commented my code, particularly in hard-to-understand areas
Original file line number Diff line number Diff line change 11version : 2
22updates :
3+ # Python dependencies
34 - package-ecosystem : " pip"
45 directory : " /"
56 schedule :
6- interval : " weekly"
7+ interval : " daily"
8+ time : " 09:00"
9+ timezone : " America/New_York"
10+ labels :
11+ - " dependencies"
12+ - " python"
13+ commit-message :
14+ prefix : " chore(deps)"
715 groups :
8- dependencies :
9- patterns :
10- - " *"
16+ # Group dev dependencies together (can auto-merge)
17+ dev-dependencies :
18+ patterns :
19+ - " pytest*"
20+ - " ruff"
21+ - " mypy"
22+ - " pre-commit"
23+ - " bandit"
24+ - " commitizen"
25+ update-types :
26+ - " minor"
27+ - " patch"
28+ # Group production dependencies separately
29+ production :
30+ patterns :
31+ - " *"
32+ exclude-patterns :
33+ - " pytest*"
34+ - " ruff"
35+ - " mypy"
36+ - " pre-commit"
37+ - " bandit"
38+ - " commitizen"
39+
40+ # GitHub Actions
1141 - package-ecosystem : " github-actions"
1242 directory : " /"
1343 schedule :
14- interval : " weekly"
44+ interval : " daily"
45+ time : " 09:00"
46+ labels :
47+ - " dependencies"
48+ - " github-actions"
49+ commit-message :
50+ prefix : " chore(deps)"
51+ groups :
52+ actions :
53+ patterns :
54+ - " *"
Original file line number Diff line number Diff line change 1+ name : Dependabot Auto-Merge
2+
3+ on : pull_request
4+
5+ permissions :
6+ contents : write
7+ pull-requests : write
8+
9+ jobs :
10+ dependabot-auto-merge :
11+ runs-on : ubuntu-latest
12+ if : github.actor == 'dependabot[bot]'
13+
14+ steps :
15+ - name : Fetch Dependabot metadata
16+ id : metadata
17+ uses : dependabot/fetch-metadata@v2
18+ with :
19+ github-token : " ${{ secrets.GITHUB_TOKEN }}"
20+
21+ - name : Auto-approve patch updates
22+ if : steps.metadata.outputs.update-type == 'version-update:semver-patch'
23+ run : gh pr review --approve "$PR_URL"
24+ env :
25+ PR_URL : ${{ github.event.pull_request.html_url }}
26+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
27+
28+ - name : Auto-approve minor updates for dev dependencies
29+ if : |
30+ steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
31+ steps.metadata.outputs.dependency-type == 'direct:development'
32+ run : gh pr review --approve "$PR_URL"
33+ env :
34+ PR_URL : ${{ github.event.pull_request.html_url }}
35+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
36+
37+ - name : Auto-merge patch and minor updates
38+ if : |
39+ steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
40+ (steps.metadata.outputs.update-type == 'version-update:semver-minor' &&
41+ steps.metadata.outputs.dependency-type == 'direct:development')
42+ run : gh pr merge --auto --squash "$PR_URL"
43+ env :
44+ PR_URL : ${{ github.event.pull_request.html_url }}
45+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
You can’t perform that action at this time.
0 commit comments